The Trust Audit for Privacy-First Midnight dApps.
Zero-knowledge doesn't mean zero-bugs. Grid audits the things that make or break a Midnight app: what your Compact contract really discloses, whether your proof server leaks witnesses, and how your SDK handles private state.
Private by default is not safe by default.
Midnight makes data private unless you explicitly disclose() it — but the compiler only stops accidental disclosure. It won't catch an ownPublicKey() auth bypass, an unconstrained witness, a brute-forceable hash, or a proof server quietly configured to a remote host. Those are the bugs that drain funds and leak users.
What Grid reviews
Compact Contracts
ownPublicKey() auth traps, under-constrained witnesses, unintended disclosure, replay/nullifier gaps, Field/Uint arithmetic, commitment & domain-separation soundness.
Proof Servers
The proof server sees plaintext witnesses — it must be local. We flag remote/shared proving, missing network pins, and trust-boundary leaks.
SDK Integration
The TypeScript layer around a contract: remote proof providers, secrets in logs or CLI args, witness implementations that leak, private-state handling.
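The remote-proving check described above, written out as an added example (this is illustrative code, not Grid's own static pass). It scans SDK source text line by line, flags any proving endpoint whose host is not local, and flags endpoints pulled from the environment as unpinned; the `httpClientProofProvider` name, the port 6300 and the sample source are assumptions constructed for the demo.

```typescript
// Added example: a deterministic, line-cited check for proof-server endpoints
// in Midnight SDK source. Not Grid's implementation; the function name
// httpClientProofProvider and the port are assumed for illustration.

interface Finding {
  line: number;
  severity: "high" | "medium";
  message: string;
}

// Hosts on which a proof server keeps witnesses on the developer's machine.
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]", "0.0.0.0"]);
const URL_RE = /https?:\/\/[^\s"'`)]+/g;   // any http(s) URL literal on the line
const PROOF_HINT_RE = /proof/i;             // only look at lines that mention proving
const ENV_RE = /process\.env\./;            // endpoint resolved at runtime, not pinned

function isLocal(url: string): boolean {
  try {
    return LOCAL_HOSTS.has(new URL(url).hostname);
  } catch {
    return false; // unparsable URL: treat as not provably local
  }
}

function checkProofServerEndpoints(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    if (!PROOF_HINT_RE.test(text)) return;
    const line = idx + 1;
    const urls = text.match(URL_RE) ?? [];
    const remote = urls.filter((u) => !isLocal(u));
    if (remote.length > 0) {
      findings.push({ line, severity: "high",
        message: `proof server ${remote.join(", ")} is not local; plaintext witnesses would leave this machine` });
    } else if (urls.length > 0 && ENV_RE.test(text)) {
      findings.push({ line, severity: "medium",
        message: "proof server endpoint comes from the environment and is not pinned; a deployment setting can redirect proving to a remote host" });
    }
  });
  return findings;
}

// Constructed sample SDK source: one local provider, one shared remote, one env override.
const SAMPLE_SDK_SOURCE = [
  'import { httpClientProofProvider } from "@midnight-ntwrk/midnight-js-http-client-proof-provider";',
  'const local = httpClientProofProvider("http://127.0.0.1:6300");',
  'const shared = httpClientProofProvider("https://prover.example.com:6300");',
  'const proofServer = process.env.PROOF_SERVER_URL ?? "http://localhost:6300";',
].join("\n");

function auditSample(): Finding[] {
  return checkProofServerEndpoints(SAMPLE_SDK_SOURCE);
}

for (const f of auditSample()) console.log(`L${f.line} [${f.severity}] ${f.message}`);
```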
How an audit runs
Submit
Paste a Compact contract, proof-server config, or SDK source.
Static pass
Deterministic checks for the known Midnight traps — each finding cites a line.
Deep review
A Claude pass reasons over the code for novel, contextual issues. (Phase 2)
Report
Severity-ranked findings with evidence, taxonomy class, and a concrete fix.
Audit a Midnight contract now.
Local, deterministic, line-cited findings.